First off, many thanks for what's certainly the most useful, stable and well-updated piece of NZB software on the Android platform!

As to my feature request: I expose my NZB services like NZBget, Couchpotato and Sonarr behind an nginx reverse proxy, but for added security in exposing these services to the global Internet I first require that any remote client present a client certificate signed by my internal cert authority before it can reach any of those applications.

This works well if I'm browsing to my exposed NZB services with Android Chrome; I can load up the external URL for the service in Android Chrome and, since I've preloaded my phone with the client certificate package into its trust store, I can just select the right client cert to present and then access the service.

This doesn't work for nzb360 though, perhaps because it doesn't currently know how to tap into the client certificates that a user may have installed on their device?

It's a pretty niche request (and I have honestly no idea how much extra work this may actually entail!), but if it were possible to add to nzb360 the ability to consult the trusted client certificates a user may have installed on their device and present the right one to an exposed NZB service when nzb360 hits it, that would be a really nice benefit to securely exposing these kinds of services to the global Internet and then accessing them with nzb360.

Oh yeah, certainly, and I have done that in the past too. But asking for client certificates at the reverse proxy transport layer and doing away with the VPN server seemed like an acceptable middle way when I was rebuilding the server to run all of its NZB services out of containers.

With a bit more config I could probably get the reverse proxy to where it doesn't require client certificates for VPN clients, and be able to expose the services to WWW if needed, but VPN in too.

I had just wondered how hard it might be for a third-party app like nzb360 to get access to the same trust store that Chrome on Android uses to access the user's client certificates, but the answer may well be that third party apps aren't trusted to do that easily in the Android security model.
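
The split mentioned in the thread above (client certificates required from the Internet, none required from VPN clients) can be expressed in nginx roughly as follows. This is an added example, not the poster's configuration; the VPN subnet, hostname, file paths and upstream port are assumptions.

```nginx
# Added example. Subnet, hostname, paths and upstream are placeholders.
# These blocks belong inside the http {} context.

# 1 for clients whose source address is in the VPN range, 0 otherwise.
# geo matches on $remote_addr, so this assumes VPN clients reach nginx
# directly with their tunnel address (no intermediate proxy or NAT).
geo $from_vpn {
    default      0;
    10.8.0.0/24  1;   # assumed VPN client subnet
}

# Combine source network with the certificate verification result.
# $ssl_client_verify is SUCCESS, FAILED:<reason>, or NONE.
map "$from_vpn:$ssl_client_verify" $client_allowed {
    default      0;   # anything not listed below is refused
    "~^1:"       1;   # VPN client: certificate not required
    "0:SUCCESS"  1;   # Internet client with a cert signed by the internal CA
}

server {
    listen 443 ssl;
    server_name nzb.example.org;                  # placeholder hostname

    ssl_certificate         /etc/nginx/tls/server.crt;
    ssl_certificate_key     /etc/nginx/tls/server.key;

    # Internal CA that signs the client certificates.
    ssl_client_certificate  /etc/nginx/tls/internal-ca.crt;
    # "optional" asks for a certificate but lets the handshake complete
    # without one, so the decision can be made per request below.
    # With "on", VPN clients without a certificate would be rejected too.
    ssl_verify_client       optional;

    location / {
        # Enforce the decision here instead of in the TLS handshake.
        if ($client_allowed = 0) {
            return 403;
        }
        proxy_pass http://127.0.0.1:6789;         # placeholder upstream
    }
}
```

Because the check moves from the handshake to the request, every `server` or `location` that fronts a service needs the same `$client_allowed` test; one that omits it is reachable from the Internet without a certificate.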